On Sun, Jun 05, 2022 at 08:44:22PM +0200, Sebastian Andrzej Siewior wrote:
> On 2022-06-05 19:42:43 [+0200], Sebastian Ramacher wrote:
> > Hi Sebastian
> Hi Sebastian,
>
> > > Otherwise I'd fear that the only other options are openssl breaking
> > > libssl1.1 or renaming /etc/ssl/openssl.cnf to ha
On Thu, May 26, 2022 at 06:26:57PM +0200, Sebastian Ramacher wrote:
>
> That leaves #1011051. What's your view on that bug?
So my understanding is that 1.1.1 doesn't understand the new
configuration file and tries to load an engine (instead of a
provider).
We could ship a file that's comptabile
On Tue, Mar 22, 2022 at 10:13:25PM +0100, Sebastian Andrzej Siewior wrote:
> On 2022-03-22 21:47:52 [+0100], Kurt Roeckx wrote:
> > On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote:
> > > OpenSSL signature algorith
On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote:
> OpenSSL signature algorithm check tightening
> =
>
> The OpenSSL update included in this point release includes a change to
> ensure that the requested signature algorithm is supported by
On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote:
> Is the note below accurate?
Yes.
Kurt
On Tue, Mar 22, 2022 at 07:37:00PM +, Adam D. Barratt wrote:
> On Mon, 2022-03-21 at 00:12 +0100, Sebastian Andrzej Siewior wrote:
> > The change in openssl is commit
> >cc7c6eb8135b ("Check that the default signature type is allowed")
> >
> > Before the commit in question it connects as:
On Mon, Mar 21, 2022 at 12:12:11AM +0100, Sebastian Andrzej Siewior wrote:
>
> The change in openssl is commit
>cc7c6eb8135b ("Check that the default signature type is allowed")
So that's:
commit cc7c6eb8135be665d0acc176a5963e1eaf52e4e2
Author: Kurt Roeckx
Date:
On Sun, Mar 20, 2022 at 10:00:15PM +0100, Paul Gevers wrote:
> Dear Sebastian, Kurt,
>
> On 19-03-2022 12:33, Adam D Barratt wrote:
> > Upload details
> > ==
> >
> > Package: openssl
> > Version: 1.1.1n-0+deb10u1
> >
> > Explanation: new upstream release
>
> We're seeing a regressio
On Fri, Mar 18, 2022 at 10:22:57PM +0100, Sebastian Andrzej Siewior wrote:
> On 2022-03-18 14:51:32 [+], Adam D. Barratt wrote:
> > Boo. Hope you're doing better.
>
> Thanks, yes.
>
> > > I would also do the upload for Buster, would that work? I remember
> > > that
> > > the packages, that br
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Hi,
We would like to transition to OpenSSL 3.0.0. It's currently in
experimental. It has an soname change, so the binary packages got
renamed and binNMUs will be required.
We did a rebu
On Thu, Jan 14, 2021 at 07:03:37PM +0100, Kurt Roeckx wrote:
> There are a whole bunch of other issues and pull requests related to
> this. I hope this is the end of the regressions in the X509 code.
So there is something else now:
https://github.com/openssl/openssl/issues/13931
On Thu, Jan 14, 2021 at 09:13:49PM +0100, Sebastian Andrzej Siewior wrote:
> On 2021-01-14 19:03:37 [+0100], Kurt Roeckx wrote:
> > > Do you have pointers to upstream issues?
> >
> > There are a whole bunch of other issues and pull requests related to
> > this.
On Thu, Jan 14, 2021 at 05:43:00PM +, Adam D. Barratt wrote:
> Hi,
>
> On Fri, 2021-01-08 at 23:59 +0100, Kurt Roeckx wrote:
> > On Fri, Jan 08, 2021 at 11:39:13PM +0100, Sebastian Andrzej Siewior
> > wrote:
> [...]
> > > The i release in unstable mana
On Fri, Jan 08, 2021 at 11:39:13PM +0100, Sebastian Andrzej Siewior wrote:
> On 2020-11-24 20:18:15 [+], Adam D. Barratt wrote:
>
> > At some point, could we please have a combined / single diff between
> > the current 1.1.1d-0+deb10u3 and the proposed 1.1.1h-0+deb10u1 (I
> > assume)?
>
> Ple
ip an openssl.cnf in libssl1.1-udeb.dirs
+
+ -- Kurt Roeckx Tue, 16 Apr 2019 21:31:11 +0200
+
openssl (1.1.1b-1) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
diff -Nru openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
--- openssl-1.1.1b/d
On Thu, Oct 18, 2018 at 04:05:32PM +0200, Mattia Rizzolo wrote:
> On Thu, Oct 18, 2018 at 04:01:59PM +0300, Niko Tyni wrote:
> > On Wed, Oct 17, 2018 at 09:21:29PM +0200, Kurt Roeckx wrote:
> > > On Wed, Oct 17, 2018 at 09:22:35PM +0300, Niko Tyni wrote:
> >
> > &
On Tue, Sep 04, 2018 at 04:41:32PM +0200, Moritz Mühlenhoff wrote:
>
> (I've been deploying customs debs of the 1.0.2x and 1.1.0x openssl releases
> at work and I haven't run into any compatibility issues/API issues during
> that).
We should really do upload all the latest point releases to all
s
On Sat, Nov 18, 2017 at 06:28:03PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2017-11-11 at 14:36 +0100, Kurt Roeckx wrote:
> > I would like to upload python2.7 to fix a problem that it can't
> > talk to SSL/TLS sites that use an ECDSA
permission
+ * Support all groups in TLS communication (Closes: #868143)
+
+ -- Kurt Roeckx Thu, 09 Nov 2017 21:58:19 +0100
+
python2.7 (2.7.13-2) unstable; urgency=medium
* Lower priority of interpreter packages to optional.
diff -u python2.7-2.7.13/debian/patches/series.in
python2.7-2.7.13/debi
On Fri, Jul 21, 2017 at 04:47:23PM -0400, Antoine Beaupré wrote:
> On 2017-07-21 22:19:20, Philipp Kern wrote:
> > My point was that you state what your delta is and essentially boils
> > down to attach the diff of what will actually happen to the .deb. I
> > think it's generally fine to add new
On Mon, Jun 05, 2017 at 11:33:57AM +0200, Cyril Brulebois wrote:
> Kurt Roeckx (2017-06-04):
> > So I've uploaded openssl 1.1.0f-2
>
> Source debdiff lgtm from -1, and installation over https works fine,
> ACK.
So I actually have a new version I want to upload:
Modified:
On Sun, Jun 04, 2017 at 06:53:29PM +0200, Cyril Brulebois wrote:
> Kurt Roeckx (2017-06-04):
> > So I changed it this instead:
> > dh_makeshlibs -a -V --add-udeb="libcrypto1.1-udeb" -Xengines
> >
> > the shlib files now looks like:
> > libcryp
On Sun, Jun 04, 2017 at 11:09:00AM +, Niels Thykier wrote:
> Kurt Roeckx:
> > [...]
> >>
> >> Maybe file this as an RC bug against openssl so that it isn't forgotten
> >> about, but ignore it for r0?
> >
> > So I have prepared an update.
On Sun, Jun 04, 2017 at 05:29:21AM +0200, Cyril Brulebois wrote:
> Niels Thykier (2017-06-03):
> > Kurt Roeckx:
> > > Package: release.debian.org
> > > User: release.debian@packages.debian.org
> > > Usertags: unblock
> > > Severity: normal
>
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hi,
I've uploaded a new version of elfutils which fixes security
issues:
elfutils (0.168-1) unstable; urgency=medium
* Fix CVE-2017-7607 (Closes: #859996)
* Fix CVE-2017-7608 (Closes:
On Sat, May 27, 2017 at 04:00:58PM +0200, David Kalnischkies wrote:
> Control: reassign -1 libssl-dev 1.1.0e-2
> Control: retitle -1 libssl-dev: declare conflict with libssl1.0-dev to help
> apt find solutions
[...]
> Not being installable is the problem of the package which isn't
> installable –
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hi,
I've uploaded a new upstream version of openssl1.0 that contains bug
fixes. The Debian changelog says:
* New upstream release
- Properly detect features on the AMD Ryzen process
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hi,
I've uploaded a new upstream version of openssl that contains bug
fixes. The Debian changelog says:
* New upstream version
- Fix regression in req -x509 (Closes: #839575)
-
sable-check.patch
-- Kurt Roeckx Wed, 22 Mar 2017 21:53:40 +0100
The upstream changes are:
(4.2.8p10)
* [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
(Pentest report 01.2017)
* [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock
(Pentest report 01.2017)
* [Sec 3387] NTP-0
On Sun, Feb 19, 2017 at 07:33:20AM +0100, Cyril Brulebois wrote:
> Kurt Roeckx (2017-02-18):
> > On Sat, Feb 18, 2017 at 06:16:28PM +0100, Cyril Brulebois wrote:
> > > How soon do you want to see this package in testing? Given I've just
> > > fixed a few things rel
On Sat, Feb 18, 2017 at 06:16:28PM +0100, Cyril Brulebois wrote:
> Hi,
>
> Niels Thykier (2017-02-18):
> > Kurt Roeckx:
> > > Package: release.debian.org
> > > User: release.debian@packages.debian.org
> > > Usertags: unblock
> > > Severit
-2017-3733
- Remove patches that are applied upstream.
-- Kurt Roeckx Thu, 16 Feb 2017 18:57:58 +0100
I've attached the full debdiff between the version in testing and
unstable.
Kurt
diff -Nru openssl-1.1.0d/apps/openssl.c openssl-1.1.0e/apps/openssl.c
--- openssl-1.1.0d/apps/openssl.c
On Sun, Jan 01, 2017 at 04:37:48PM +0100, Raphael Hertzog wrote:
> On Sat, 31 Dec 2016, Julien Cristau wrote:
> > On Thu, Dec 22, 2016 at 13:37:11 +0100, Sebastian Andrzej Siewior wrote:
> >
> > > tl;dr: Has anyone a problem if sslscan embeds openssl 1.0.2 in its
> > > source?
> > >
> > > sslscan
On Mon, Nov 07, 2016 at 08:54:49PM +, Ian Jackson wrote:
> Kurt Roeckx writes ("Re: failed armhf build of xen 4.8.0~rc3-1 [and 1 more
> messages]"):
> > On Mon, Nov 07, 2016 at 08:05:22PM +, Ian Jackson wrote:
> > > Have I done something wrong ? D
On Mon, Nov 07, 2016 at 08:05:22PM +, Ian Jackson wrote:
> Debian buildds writes ("failed armhf build of xen 4.8.0~rc3-1"):
> > * Source package: xen
> > * Version: 4.8.0~rc3-1
> > * Architecture: armhf
> > * State: failed
> > * Suite: sid
> > * Builder: hartmann.debian.org
> > * Build l
On Sun, Oct 30, 2016 at 10:18:32PM +0200, Adrian Bunk wrote:
>
> If everything that is important in 1.1.0 should be used by all
> users of OpenSSL in stretch, then the best solution for stretch
> is to ship only 1.0.2 and add all desired features there.
And I guess you're going to add all those f
On Wed, Oct 26, 2016 at 10:55:19AM +0200, Emilio Pozuelo Monfort wrote:
> Control: tags -1 confirmed
>
> On 25/10/16 20:09, Moritz Muehlenhoff wrote:
> > On Wed, Oct 19, 2016 at 10:44:08PM +0200, Kurt Roeckx wrote:
> >> On Mon, Oct 17, 2016 at 08:52:31PM +0200, Emil
On Wed, Oct 26, 2016 at 08:53:56PM +0200, Emilio Pozuelo Monfort wrote:
>
> Adrian Bunk asked whether mixing both OpenSSL versions into the same address
> space works fine. Is OpenSSL using symbol versioning?
Yes, and all symbols have a different version name in 1.0.2 and
1.1.0. (What is actually
On Mon, Oct 17, 2016 at 08:52:31PM +0200, Emilio Pozuelo Monfort wrote:
>
> I'm sorry but I'm going to have to nack this for Stretch, as much as I like to
> approve transitions and get new stuff in. I have looked at the opened bugs and
> I'm afraid this still is too disruptive. I have noticed that
On Sun, Sep 18, 2016 at 09:33:43PM +0200, Kurt Roeckx wrote:
> On Sat, Jun 11, 2016 at 09:42:59PM +0200, Kurt Roeckx wrote:
> > On Sat, Jun 11, 2016 at 09:31:17PM +0200, Emilio Pozuelo Monfort wrote:
> > > On 11/06/16 20:59, Kurt Roeckx wrote:
> > > > OpenSSL wi
On Sat, Jun 11, 2016 at 09:42:59PM +0200, Kurt Roeckx wrote:
> On Sat, Jun 11, 2016 at 09:31:17PM +0200, Emilio Pozuelo Monfort wrote:
> > On 11/06/16 20:59, Kurt Roeckx wrote:
> > > OpenSSL will soon release a new upstream version with a new
> > > soname. This new
On Thu, Sep 15, 2016 at 11:44:42PM +0200, Christoph Berg wrote:
> Re: Kurt Roeckx 2016-06-11 <20160611194259.ga6...@roeckx.be>
> > > > If I'm ready to upload it to unstable, can I start this
> > > > transition? Are there things you want me to do?
> >
On Tue, Aug 23, 2016 at 09:47:22PM +0200, Kurt Roeckx wrote:
> The current debdiff we'd like to upload is:
> diff -Nru openssl-1.0.1t/debian/changelog openssl-1.0.1t/debian/changelog
> --- openssl-1.0.1t/debian/changelog 2016-05-15 21:16:55.0 +0200
> +++ openssl-1.0.1t
enssl (1.0.1t-1+deb8u3) jessie; urgency=medium
+
+ [ Kurt Roeckx ]
+ * Fix length check for CRLs. (Closes: #826552)
+
+ [ Sebastian Andrzej Siewior ]
+ * Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
+(Closes: #833156).
+
+ -- Kurt Roeckx Sat, 11 Jun 2016 19:18:11
On Sat, Jul 30, 2016 at 08:45:25PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + pending
>
> On Sat, 2016-07-30 at 10:51 +0200, Kurt Roeckx wrote:
> > On Fri, Jul 29, 2016 at 01:40:17PM +0200, Julien Cristau wrote:
> > > Control: tag -1 confirmed
> > >
>
On Wed, Aug 17, 2016 at 10:05:06PM +0200, ni...@thykier.net wrote:
> * If we were to enable -fPIE/-pie by default in GCC-6, should that change
>also apply to this port? [0]
If -fPIE is the default will -fPIC override it?
It will also default to tell the linker to use -pie, but then
don't do
On Fri, Jul 29, 2016 at 01:40:17PM +0200, Julien Cristau wrote:
> Control: tag -1 confirmed
>
> On Mon, Jul 25, 2016 at 23:28:14 +0200, Kurt Roeckx wrote:
>
> > Package: release.debian.org
> > Tags: jessie
> > User: release.debian@packages.debian.org
> >
Package: release.debian.org
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Hi,
I would like to fix #800446 in stable. It was caused by the
uploader not using the current version of automake when uploading
the binary package. The i386 and amd64 version need to be build
us
I guess I should just keep the SSLv2 symbols. I assume you don't
have a problem with the other change?
Kurt
On Thu, Jun 23, 2016 at 10:58:54AM +0200, Yann Soubeyrand wrote:
> Package: openssl
> Severity: normal
> Version: 1.0.1t-1+deb8u2
> X-Debbugs-CC: debian-release@lists.debian.org
> X-Debbugs-CC: debian-b...@lists.debian.org
>
> Hi,
>
> Marga Manterola provided a patch to build a libssl udeb as wel
On Mon, Jun 13, 2016 at 10:19:29AM +0200, Julien Cristau wrote:
> On Mon, Jun 13, 2016 at 00:50:05 +0200, Kurt Roeckx wrote:
>
> > I should probably add that I don't intend to fix this in
> > testing/unstable. There are probably reverse dependencies that
> > saw th
On Sat, Jun 11, 2016 at 11:35:24PM +0200, Kurt Roeckx wrote:
> On Sat, Jun 11, 2016 at 09:57:29PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Sat, 2016-06-11 at 19:38 +0200, Kurt Roeckx wrote:
> > > The SSLv2 methods actually di
On Sat, Jun 11, 2016 at 09:57:29PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Sat, 2016-06-11 at 19:38 +0200, Kurt Roeckx wrote:
> > The SSLv2 methods actually didn't exist in jessie, but some
> > defaults where changed and the SSLv2 methods now
On Sat, Jun 11, 2016 at 09:31:17PM +0200, Emilio Pozuelo Monfort wrote:
> On 11/06/16 20:59, Kurt Roeckx wrote:
> > OpenSSL will soon release a new upstream version with a new
> > soname. This new version will break various packages, see:
> > https://lists.debian.org/debian-d
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Hi,
OpenSSL will soon release a new upstream version with a new
soname. This new version will break various packages, see:
https://lists.debian.org/debian-devel/2016/06/msg00205.html
I
016-06-11 19:20:02.0 +0200
@@ -1,3 +1,11 @@
+openssl (1.0.1t-1+deb8u3) jessie; urgency=medium
+
+ * Disable SSLv2 methods again, changes upstream has split no-ssl2 into
+no-ssl2 and no-ssl2-method
+ * Fix length check for CRLs. (Closes: #826552)
+
+ -- Kurt Roeckx Sat, 11 Jun 2016 19:18:11 +
On Sun, May 15, 2016 at 08:09:06PM +0100, Adam D. Barratt wrote:
> On Wed, 2016-05-11 at 23:48 +0200, Sebastian Andrzej Siewior wrote:
> > control: retitle -1 jessie-pu: package openssl/1.0.1t-1+deb8u2
> >
> > On 2016-05-06 16:07:15 [+0200], Kurt Roeckx wrote:
> >
- Use correct digest when exporting keying material (Closes: #807057)
+- Fix CVE-2015-3197 (not affected, SSLv2 disabled)
+- Fix CVE-2015-1793 (1.0.1n+ is affected and last upload was k)
+
+ -- Kurt Roeckx Fri, 06 May 2016 15:56:09 +0200
+
openssl (1.0.1k-3+deb8u5) jessie-security; urgency=m
On Thu, May 05, 2016 at 04:58:05PM +0200, Julien Cristau wrote:
> Closing this as resolved, there will not be any further updates to
> wheezy, and jessie updates will be handled in separate bugs.
You mean I should file an other bug for just the same question?
Kurt
On Wed, Apr 13, 2016 at 09:36:49PM +0100, Adam D. Barratt wrote:
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar to other packages for which we ship upstream
> stable trees - vi
On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > However 1.0.1q hasn't been in stable at all, which is presumably what
> > you'd be proposing introducing to oldstable at this juncture. (and which
> > we'd therefore need
On Mon, Mar 21, 2016 at 10:20:43PM +0100, Julien Cristau wrote:
> I don't think dlopen(libssl) vs gcc -lssl makes any difference
> licensing-wise, I suspect either they're both ok or they're both not
> ok...
I assume the problem is not with Qt itself, but with other
applications making use of Qt.
mittedly, the description of the changes between 1.0.1k and 1.0.1q,
> > according to NEWS/CHANGES don't immediately look crazy.
>
> Comparing those against the package changelog and Security Tracker and
> ignoring changes which are apparently only relevant if SSLv2 is enable
On Sun, Dec 06, 2015 at 11:46:01AM +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
> like to add an additional data point to the discussion:
>
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
> release, but the
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> [dropped explicit CCs to RT and TC members]
>
> On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > > So from what I'm gath
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
>
> Even a naively filtered diff - excluding documentation and tests -
> between the 1.0.1k tag and HEAD on upstream's stable branch is much
> larger than I'd imagined (1091 files changed, 73609+, 68591-), but
> paging through it the
On Wed, Nov 04, 2015 at 11:57:00AM -0600, Don Armstrong wrote:
>
> In this specific case, the specific set of changes which have been made,
> coupled with documenting the policy of upstream for testing and making
> changes to openssl would be a good start.
I've pointed to upstream's policy before
On Sat, Nov 07, 2015 at 12:30:11PM +0100, Emilio Pozuelo Monfort wrote:
> All the rdeps have been binNMUed at this stage. Now bugs need to be reported
> so
> the buggy packages are either fixed or leave testing.
I'll work on it when I have time.
Kurt
On Sun, Nov 01, 2015 at 06:52:08PM +0100, Emilio Pozuelo Monfort wrote:
> >> Do the rdeps build against the new version? IOW, are there any users of the
> >> removed methods?
> >
> > There are users of the removed method. But all known ones should
> > have been changed to either not use it anymor
On Sun, Nov 01, 2015 at 03:22:29PM +0100, Emilio Pozuelo Monfort wrote:
> On 26/10/15 23:28, Emilio Pozuelo Monfort wrote:
> > On 24/10/15 11:22, Kurt Roeckx wrote:
> >> On Wed, Sep 16, 2015 at 10:17:10PM +0100, Jonathan Wiltshire wrote:
> >>> On Wed, Sep 09, 2015 at
On Sat, Oct 31, 2015 at 02:20:22PM +, Adam D. Barratt wrote:
> On Sun, 2015-06-14 at 11:52 +0200, Kurt Roeckx wrote:
> > On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote:
> > > Is the policy for what gets included in the stable branches described
> > &g
On Sat, Oct 31, 2015 at 02:22:04PM +, Adam D. Barratt wrote:
> On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote:
> > On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > > If there's somethin
On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > If there's something specific that you'd like the CTTE to try to do
> > beyond what I've just reported now, let me know.
>
> Let me know if you'd like the CTTE to do something beyond what
On Wed, Sep 16, 2015 at 10:17:10PM +0100, Jonathan Wiltshire wrote:
> On Wed, Sep 09, 2015 at 12:25:16PM +0200, Kurt Roeckx wrote:
> > On Thu, Sep 03, 2015 at 10:36:33PM +0100, Jonathan Wiltshire wrote:
> > > > So do I start with an soname change and upload that to
On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > > I've been waiting for the release team for a while to make a decision
> > > on #765639 for a year now. Coul
On Tue, Oct 20, 2015 at 09:57:04AM -0500, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I
Package: tech-ctte
Hi,
I've been waiting for the release team for a while to make a
decision on #765639 for a year now. Could you help in getting a
decision?
I've actually been waiting for longer than that, I can't directly
find all links, but previous discussions about it are at least:
https:/
On Fri, Aug 21, 2015 at 07:31:53PM +0200, Kurt Roeckx wrote:
> On Sun, Jun 14, 2015 at 11:52:07AM +0200, Kurt Roeckx wrote:
> > On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote:
> > > Is the policy for what gets included in the stable branches described
> > &g
On Thu, Sep 03, 2015 at 10:36:33PM +0100, Jonathan Wiltshire wrote:
> > So do I start with an soname change and upload that to
> > experimental?
>
> Yes please.
So that has passed the new queue now. Please let me know when I
can start this in unstable.
Kurt
On Thu, Sep 03, 2015 at 10:06:17PM +0200, Julien Cristau wrote:
> On Thu, Sep 3, 2015 at 20:51:05 +0200, Kurt Roeckx wrote:
>
> > - Just drop the symbols, adding Breaks on at least some
> > packages like curl and python that are known to need a rebuild
> > aga
Package: release.debian.org
Hi,
I would like to remove the last support for SSLv3 in openssl.
This means that I'll be dropping 3 symbols from the shared
library:
SSLv3_method();
SSLv3_server_method();
SSLv3_client_method();
Those can still be used to set up SSLv3 connections, while using
the SSL
On Sun, Jun 14, 2015 at 11:52:07AM +0200, Kurt Roeckx wrote:
> On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote:
> > Is the policy for what gets included in the stable branches described
> > somewhere?
>
> It's documented at:
> https://www.openss
On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote:
> Is the policy for what gets included in the stable branches described
> somewhere?
It's documented at:
https://www.openssl.org/about/releasestrat.html
> What kind of automated or manual regression (or other)
> testing is done on th
On Sat, Dec 27, 2014 at 06:05:49PM +0100, Kurt Roeckx wrote:
> On Thu, Oct 16, 2014 at 10:12:16PM +0200, Kurt Roeckx wrote:
> > I would really like to upload new upstream openssl versions from
> > the 1.0.1-stable branch to wheezy.
>
> Could someone please say something abo
On Sat, Mar 21, 2015 at 07:51:32PM +, Adam D. Barratt wrote:
> Control: tags -1 + d-i
>
> On Sat, 2015-03-21 at 10:40 +0100, Kurt Roeckx wrote:
> > 1.0.1k-2 contains security fixes. Could you please unblock it?
>
> Unblocked but needs a d-i ack as usual.
I've jus
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
1.0.1k-2 contains security fixes. Could you please unblock it?
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? C
On Thu, Mar 05, 2015 at 01:38:29PM +0300, Michael Tokarev wrote:
> But once I
> uploaded a next release of busybox to the archive, it was rebuilt
> using older, unfixed glibc, and the original problem reappeared.
I didn't see any request to make sure the chroots are updated.
Not having read the wh
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
ntp 1:4.2.6.p5+dfsg-5 has 2 security fixes. Can you please
unblock it?
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Tr
Hi,
Can you ACK that, or is there someone else in the d-i team that
can do that?
Kurt
On Wed, Jan 14, 2015 at 05:52:58PM +0100, Niels Thykier wrote:
> Control: tags -1 d-i
>
> On 2015-01-10 12:01, Kurt Roeckx wrote:
> > Package: release.debian.org
> > Severity: normal
>
On Wed, Jan 14, 2015 at 12:00:52AM +0100, Julien Cristau wrote:
> Kurt,
>
> On Tue, Jan 13, 2015 at 23:22:08 +0100, Kurt Roeckx wrote:
>
> > On Sat, Jan 10, 2015 at 12:01:33PM +0100, Kurt Roeckx wrote:
> > > Package: release.debian.org
> > > Severit
On Sat, Jan 10, 2015 at 12:01:33PM +0100, Kurt Roeckx wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Hi,
>
> I've uploaded a new upstream version of openssl to unstable. This
> cont
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
I've uploaded a new upstream version of openssl to unstable. This
contains fixes for 7 security issues affecting jessie. It also
contains a lot of other bug fixes.
Can you please unb
On Wed, Dec 31, 2014 at 02:00:23PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Wed, 2014-12-31 at 13:52 +0100, Kurt Roeckx wrote:
> > I would like to disable SSLv3 by default in wheezy.
>
> Do we know how well other packages in wheezy cope with that?
sl3 option (yet).
+
+ -- Kurt Roeckx Wed, 31 Dec 2014 13:45:07 +0100
+
openssl (1.0.1e-2+deb7u13) wheezy-security; urgency=medium
* Fixes CVE-2014-3513
diff -Nru openssl-1.0.1e/debian/patches/disable_sslv3.patch openssl-1.0.1e/debian/patches/disable_sslv3.patch
--- openssl-1.0.1e/debi
On Thu, Oct 16, 2014 at 10:12:16PM +0200, Kurt Roeckx wrote:
> I would really like to upload new upstream openssl versions from
> the 1.0.1-stable branch to wheezy.
Could someone please say something about this request?
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debi
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
>
> If I understand your reply correctly, the version in Ubuntu and Fedora
> will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
> Do you believe it would be reasonable for me to request a smaller
> unblock that just
On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote:
>
> Is it something that is going to happen with Ubuntu releases next year
> (e.g. April 2015)?
>
> If so, it means that the repro package in jessie won't talk to a repro
> package in Ubuntu.
I think there is some misunderstanding.
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote:
>
> Will the TLSv1 method be removed in jessie or while jessie is still
> supported?
This is something post jessie.
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
>
> I have no idea what technology is in use in the remote/client system.
>
> If my server socket is using TLSv1_method it is rejecting the connection
> and logging those errors on my server:
>
> error:1408F10B:SSL routines:SSL3_GET_
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote:
> >> Just one other point: if somebody is trying sending the client hello
> >> using SSL v2 record layer but indicating support for TLS v1.0, should
> >> TLSv1_method or SSLv23_method accept that?
> > I would expect that both should sup
1 - 100 of 276 matches
Mail list logo